[email protected]CVE-2008-3929

HistorySep 04, 2008 - 6:41 p.m.

CVE-2008-3929

2008-09-0418:41:00

CWE-59

[email protected]

web.nvd.nist.gov

ampache

symlink attack

cve-2008-3929

security vulnerability

nvd

6.1 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

gather-messages.sh in Ampache 3.4.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/filelist temporary file.

CPENameOperatorVersion
ampache:ampacheampacheeq3.4.1

CPE	Name	Operator	Version
ampache:ampache	ampache	eq	3.4.1

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=496369

dev.gentoo.org/~rbu/security/debiantemp/ampache

freshmeat.net/projects/ampache/releases/283935

secunia.com/advisories/31657

secunia.com/advisories/33316

security.gentoo.org/glsa/glsa-200812-22.xml

www.openwall.com/lists/oss-security/2008/10/30/2

www.securityfocus.com/bid/30875

bugs.gentoo.org/show_bug.cgi?id=235770

exchange.xforce.ibmcloud.com/vulnerabilities/44739

6.1 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2008-3929

openvas4 cvelist1 gentoo1 ubuntucve1 nessus2 prion1 freebsd1 securityvulns1